.NET Core OAuth IdentityServer4 Token AllowAnonymous 刷新token RefreshToken Postman截图

已于 2023-02-13 09:56:56 修改
阅读量4.1k 收藏 4
点赞数
分类专栏: .NET Core 文章标签: .net core OAuth2 IdentityServer4 token
于 2019-03-21 18:57:15 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/KingCruel/article/details/88722775
版权

身份验证和 ASP.NET Web API 中的授权 
IdentityServer4 Reference Token
IdentityServer4 1.0.0 documentation(官网)    

业务逻辑
● 搭建 授权服务器 和 资源服务器
● 给App客户端发放 AppId 和 AppSecret
● 用户向App客户端提供自己的 账号 和 密码
● App客户端将AppId、AppSecret、账号、密码提交到 授权服务器
● 授权服务器通过授权,发放token和refresh_token
● 客户端通过 token 与 资源服务器 进行对接,并对 token 进行管理,防止失效

定义

Authentication:认证,身份验证,确定用户是谁;想要说明白的是 你是谁(你的身份是什么)

Authorization:授权,确定用户能做什么,不能做什么;想要说明白的是 你能做什么(得到了什么权限)

授权

授权筛选器(Authorization filter)在 action 之前运行。若请求未授权,返回错误,action 不运行。
在 action 内部,可以用 ApiController.User 属性获取主体对象,做进一步的控制。
[Authorize] 属性
AuthorizeAttribute 是内置的授权筛选器。用户未通过身份验证时,它返回 HTTP 401 状态码。可以在全局,控制和 action 三个级别应用它。
参考网址:ASP.NET MVC 筛选器

自定义授权筛选器

AuthorizeAttribute:基于用户和角色进行授权。
AuthorizationFilterAttribute:不基于用户和角色的同步授权。
IAuthorizationFilter:实现此接口执行异步授权逻辑。例如,授权逻辑中有对 IO 或网络的异步调用。(CPU-bound的授权逻辑更适合从 AuthorizationFilterAttribute 派生,这样不必写异步方法)。

全局级别应用:【\App_Start\WebApiConfig.cs】应用

public static void Register(HttpConfiguration config)
{
    config.Filters.Add(new AuthorizeAttribute());
}

控制器级别应用

[Authorize]
public class ValuesController : ApiController
{
    public IEnumerable<string> Get()
    {
        return new string[] { "value1", "value2" };
    }
}

Action 级别应用

public class ValuesController : ApiController
{
    [Authorize]
    public string Get(int id)
    {
        return "value";
    }
}

控制器应用 [Authorize] 时,在 Action 应用 [AllowAnonymous] 取消某个 Action 授权

[Authorize]
public class ValuesController : ApiController
{
    [AllowAnonymous]
    public string Get(int id)
    {
        return "value";
    }
}

指定角色和用户进行限制

[Authorize(Roles = "Administrators", Users = "Alice,Bob")]
public class ValuesController : ApiController
{
    public string Get(int id)
    {
        return "value";
    }
}

代码参考

1、NuGet 引用
   Microsoft.AspNetCore.Authentication.OAuth
   IdentityServer4

2、资源配置(Config.cs)

using IdentityModel;
using IdentityServer4.Models;
using IdentityServer4.Test;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;

namespace OAuth2IdentityServer.OAuth2
{
    public class Config
    {
        public static IEnumerable<IdentityResource> GetIdentityResourceResources()
        {
            return new List<IdentityResource>
            {
                new IdentityResources.OpenId(), //必须要添加,否则报无效的scope错误
                new IdentityResources.Profile(),
                new IdentityResources.Email(),
                new IdentityResource
                {
                    Name = "role",
                    UserClaims = new List<string> {"role"}
                }
            };
        }

        public static IEnumerable<Scope> GetScopes()
        {
            return new List<Scope>
            {
                new Scope
                {
                    Name = "api1",
                    Description = "My API",
                },
                //如果想带有RefreshToken,那么必须设置:StandardScopes.OfflineAccess
                //StandardScopes.OfflineAccess,
            };
        }

        public static IEnumerable<ApiResource> GetApiResources()
        {
            return new List<ApiResource>
            {
                new ApiResource("clientservice", "CAS Client Service"),
                new ApiResource("agentservice", "CAS Agent Service"),
                new ApiResource("productservice", "CAS Product Service")
                {
                    ApiSecrets = { new Secret("api1pwd".Sha256()) }
                },
                new ApiResource
                {
                    Name = "customAPI",
                    DisplayName = "Custom API",
                    Description = "Custom API Access",
                    UserClaims = new List<string> {"role"},
                    ApiSecrets = new List<Secret> {new Secret("scopeSecret".Sha256())},
                    Scopes = new List<Scope>
                    {
                        new Scope("customAPI.read"),
                        new Scope("customAPI.write")
                    }
                }
            };
        }

        public static IEnumerable<ApiResource> GetResources()
        {
            return new List<ApiResource>
            {
                new ApiResource { Name = "ImageResource", Scopes ={ new Scope ("ImageResource") }},//Scopes必须配置,否则获取token时返回 invalid_scope                
                new ApiResource { Name = "FileResourse" },
                new ApiResource { Name ="Api", Scopes = { new Scope ("Api") }}
            };
        }

        /// <summary>
        /// Define which uses will use this IdentityServer
        /// </summary>
        /// <returns></returns>
        public static IEnumerable<TestUser> GetUsers()
        {
            return new[]
            {
                new TestUser
                {
                    SubjectId = "10001",
                    Username = "edison@hotmail.com",
                    Password = "edisonpassword"
                },
                new TestUser
                {
                    SubjectId = "10002",
                    Username = "andy@hotmail.com",
                    Password = "andypassword"
                },
                new TestUser
                {
                    SubjectId = "10003",
                    Username = "leo@hotmail.com",
                    Password = "leopassword"
                },
                new TestUser
                {
                    SubjectId = "5BE86359-073C-434B-AD2D-A3932222DABE",
                    Username = "scott",
                    Password = "password",
                    Claims = new List<Claim>
                    {
                        new Claim(JwtClaimTypes.Email, "scott@scottbrady91.com"),
                        new Claim(JwtClaimTypes.Role, "admin")
                    }
                }
            };
        }
    }
}

3、资源配置(Clients.cs)

using IdentityServer4;
using IdentityServer4.Models;
using IdentityServer4.Stores;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace OAuth2IdentityServer.OAuth2
{
    public class Clients
    {
        /// <summary>
        /// 授权模式:客户端模式 GrantTypes.ClientCredentials
        /// </summary>
        /// <returns></returns>
        public static IEnumerable<Client> GetClients()
        {
            return new List<Client>
            {
                //client credentials client(OK)
                new Client
                {
                    ClientId = "ClientIdOK",
                    AllowedGrantTypes = GrantTypes.ClientCredentials,//授权模式:客户端模式
                    AllowedScopes = { "ImageResource","Api" }, //允许访问的资源 GetResources()中配置的
                    ClientSecrets = { new Secret { Value= "ClientSecret".Sha256(), Expiration = DateTime.Now.AddMinutes(5)} }
                },
                //client credentials client(OK)
                new Client
                {
                    ClientId = "client1",
                    ClientName = "Example Client Credentials Client Application",
                    AllowedGrantTypes = GrantTypes.ClientCredentials,//授权模式:客户端模式
                    AllowedScopes = //对应的是 “OAuth2.Config.GetApiResources()” 或 “OAuth2.Config.GetResources()”中的资源
                    {
                        "ImageResource", "Api",
                        //IdentityServerConstants.StandardScopes.OpenId, //加上此参数报错
                        //IdentityServerConstants.StandardScopes.Profile,//加上此参数报错
                        //IdentityServerConstants.StandardScopes.OfflineAccess,//加上此参数报错
                    },
                    ClientSecrets = { new Secret("181a7853053b4be9b0ac9d9c709f3ecd".Sha256()) },
                    AllowedCorsOrigins = new List<string> { "http://localhost:44389" },
                    RedirectUris = { "http://localhost:6321/Home/AuthCode" },//登录成功重定向地址
                    PostLogoutRedirectUris = { "http://localhost:44389/" },//退出重定向地址
                    AccessTokenLifetime = 3600, //AccessToken过期时间, in seconds (defaults to 3600 seconds / 1 hour)
                    AuthorizationCodeLifetime = 300,  //设置AuthorizationCode的有效时间,in seconds (defaults to 300 seconds / 5 minutes)
                    AbsoluteRefreshTokenLifetime = 2592000,  //RefreshToken的最大过期时间,in seconds. Defaults to 2592000 seconds / 30 day
                },
                // resource owner password grant client
                new Client
                {
                    ClientId = "client2",
                    ClientName = "Example Client Credentials Client Application",
                    AccessTokenType = AccessTokenType.Jwt,
                    //AccessTokenType = AccessTokenType.Reference,
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    ClientSecrets = { new Secret("ClientSecret".Sha256()) },
                    AllowedCorsOrigins = new List<string> { "http://localhost:44389" },
                    RefreshTokenExpiration = TokenExpiration.Sliding,
                    SlidingRefreshTokenLifetime = 5*60,
                    UpdateAccessTokenClaimsOnRefresh = true,
                    AllowOfflineAccess = true, //刷新令牌来进行长时间的API访问
                    AllowedScopes = new List<string> 
                    { 
                        "ImageResource", 
                        "Api",
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        IdentityServerConstants.StandardScopes.OfflineAccess, 
                    },
                    RedirectUris = { "http://localhost:6321/Home/AuthCode" },
                    PostLogoutRedirectUris = { "http://localhost:6321/" },
                    AccessTokenLifetime = 3600, //AccessToken过期时间, in seconds (defaults to 3600 seconds / 1 hour)
                    AuthorizationCodeLifetime = 300,  //设置AuthorizationCode的有效时间,in seconds (defaults to 300 seconds / 5 minutes)
                    AbsoluteRefreshTokenLifetime = 2592000,  //RefreshToken的最大过期时间,in seconds. Defaults to 2592000 seconds / 30 day
                },
                //Implicit
                new Client
                {
                    ClientId = "openIdConnectClient",
                    ClientName = "Example Implicit Client Application",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowedScopes = new List<string>
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        IdentityServerConstants.StandardScopes.Email,
                        "role",
                        "customAPI.write"
                    },
                    RedirectUris = new List<string> {"https://localhost:44330/signin-oidc"},
                    PostLogoutRedirectUris = new List<string> {"https://localhost:44330"},
                    AccessTokenLifetime = 3600, //AccessToken过期时间, in seconds (defaults to 3600 seconds / 1 hour)
                    AuthorizationCodeLifetime = 300,  //设置AuthorizationCode的有效时间,in seconds (defaults to 300 seconds / 5 minutes)
                    AbsoluteRefreshTokenLifetime = 2592000,  //RefreshToken的最大过期时间,in seconds. Defaults to 2592000 seconds / 30 day
                }
            };
        }

        public static IEnumerable<Client> GetClientsTest()
        {
            return new List<Client>
            {
                new Client
                {
                    ClientId = "ClientId",
                    AllowedGrantTypes = GrantTypes.ClientCredentials,//授权模式:客户端模式
                    AllowedScopes ={ "ImageResource","Api" }, //允许访问的资源 GetResources()中配置的
                    ClientSecrets ={ new Secret { Value= "ClientSecret".Sha256(), Expiration=DateTime.Now.AddMinutes(5)} }
                }
            };
        }
    }
}

4、ResourceOwnerPasswordValidator.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityModel;
using IdentityServer4.Models;
using IdentityServer4.Validation;

namespace OAuth2IdentityServer.OAuth2
{
    public class ResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
    {
        private readonly IUserRepository _userRepo;//数据库仓储类
        private readonly IReferenceTokenStore _reference;
        private readonly IPersistedGrantStore _persisted;

        public ResourceOwnerPasswordValidator(IUserRepository userRepo, IReferenceTokenStore reference, IPersistedGrantStore persisted)
        {
            _userRepo = userRepo;
            _reference = reference;
            _persisted = persisted;
        }

        public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
        {
            if (context.Request.GrantType == GrantType.AuthorizationCode)
            {
                string a = "";
            }
            else if (context.Request.GrantType == GrantType.ResourceOwnerPassword)
            {
                #region 获取所有请求参数:grant_type、client_Id、client_secret、username、password、eid、device_id
                var validatedRequestDictionary = context.Request.Raw.AllKeys.ToDictionary(s => s, s => context.Request.Raw[s]);
                string eid = validatedRequestDictionary["eid"];
                string device_id = validatedRequestDictionary["device_id"];
                #endregion
            }

            //根据context.UserName和context.Password与数据库的数据做校验,判断是否合法
            if (context.UserName == "wjk" && context.Password == "123")
            {
                _reference.RemoveReferenceTokensAsync(context.UserName, clientId);
                _persisted.RemoveAllAsync(context.UserName, clientId);

                context.Result = new GrantValidationResult(
                 subject: context.UserName,
                 authenticationMethod: "custom",
                 claims: GetUserClaims());
            }
            else
            {
                //验证失败
                context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "invalid custom credential");
            }
        }

        //可以根据需要设置相应的Claim
        private Claim[] GetUserClaims()
        {
            return new Claim[]
            {
                new Claim("UserId", 1.ToString()),
                new Claim(JwtClaimTypes.Name,"wjk"),
                new Claim(JwtClaimTypes.GivenName, "jaycewu"),
                new Claim(JwtClaimTypes.FamilyName, "yyy"),
                new Claim(JwtClaimTypes.Email, "977865769@qq.com"),
                new Claim(JwtClaimTypes.Role,"admin")
            };
        }
    }
}

5、ProfileService.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Services;

namespace OAuth2IdentityServer.OAuth2
{
    public class ProfileService : IProfileService
    {
        public async Task GetProfileDataAsync(ProfileDataRequestContext context)
        {
            try
            {
                //depending on the scope accessing the user data.
                var claims = context.Subject.Claims.ToList();

                //set issued claims to return
                context.IssuedClaims = claims.ToList();
            }
            catch (Exception ex)
            {
                //log your error
            }
        }

        public async Task IsActiveAsync(IsActiveContext context)
        {
            context.IsActive = true;
        }
    }
}

6、Startup.cs(“认证服务器”配置 IdentityServer,颁发 token)

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using OAuth2IdentityServer.OAuth2;

namespace OAuth2IdentityServer
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.Configure<CookiePolicyOptions>(options =>
            {
                // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                options.CheckConsentNeeded = context => true;
                options.MinimumSameSitePolicy = SameSiteMode.None;
            });

            #region 对应 grant_type = Client_Credentials 模式(测试通过 - OK)

            //services.AddIdentityServer()
            //    .AddDeveloperSigningCredential()
            //    .AddInMemoryApiResources(Config.GetResources())
            //    .AddInMemoryClients(Clients.GetClients());

            #endregion

            #region 对应 grant_type = Resource_Owner_Password 模式(测试通过 - OK)

            //services.AddIdentityServer()
            //    .AddDeveloperSigningCredential()
            //    .AddInMemoryApiResources(Config.GetResources())
            //    .AddInMemoryClients(Clients.GetClients())
            //    .AddResourceOwnerValidator<ResourceOwnerPasswordValidator>()
            //    .AddProfileService<ProfileService>();

            #endregion

            #region 同时兼容 Client_Credentials 和 Resource_Owner_Password 模式(测试通过 - OK)
            services.AddIdentityServer()
                .AddDeveloperSigningCredential()
                .AddInMemoryApiResources(Config.GetResources())
                .AddInMemoryClients(Clients.GetClients())
                .AddResourceOwnerValidator<ResourceOwnerPasswordValidator>()
                .AddProfileService<ProfileService>();
            #endregion

            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }

            app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseCookiePolicy();

            app.UseIdentityServer();

            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
            });
        }
    }
}

7、Program.cs

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;

namespace OAuth2IdentityServer
{
    public class Program
    {
        public static void Main(string[] args)
        {
            CreateWebHostBuilder(args).Build().Run();
        }

        public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
            WebHost.CreateDefaultBuilder(args)
                .UseStartup<Startup>();
    }
}

8、启动项目之后,浏览器输入 https://localhost:44305/.well-known/openid-configuration 查看文档(端口号以项目运行的真实地址为准)

9、获取token(Client Credentials 模式)

10、获取token(Resource Owner Password 模式)

扩展参数、扩展参数、扩展参数
注意、注意、注意、除了必要参数还可以添加扩展参数,比如:eid,device_id


刷新令牌:获取 token 并且包含刷新令牌 refresh_token(Resource Owner Password 模式)
refresh_token 的作用就是,在 access_token 过期的时候,不需要再通过一些凭证申请 access_token,而是直接通过 refresh_token 就可以重新申请 access_token。如果标记了offline_access,则生成 refreshToken,否则不生成。

*
利用refresh_token(刷新令牌),RefreshToken(刷新令牌),更新access_token(token值)
refresh_token 的作用就是,在 access_token 过期的时候,不需要再通过一些凭证申请 access_token,而是直接通过 refresh_token 就可以重新申请 access_token。
如果 Clients 的 AllowedScopes 包含 IdentityServerConstants.StandardScopes.OpenId 或 IdentityServerConstants.StandardScopes.Profile 响应信息Response中会包含 id_token



*
利用 token 获取当前登录信息(connect/userinfo)


*、资源服务器,Startup.cs 配置如下:

using IdentityModel;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

namespace ImageResourceApi
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddAuthentication(config =>
            {
                config.DefaultScheme = "Bearer";
            }).AddIdentityServerAuthentication(option =>
            {
                option.Authority = "https://localhost:44308"; //认证服务的url
                option.ApiName = "ImageResource";
                option.ApiSecret = "ClientSecret".ToSha256();// 访问的secret
                option.SaveToken = true;
                //options.EnableCaching = true;
                //options.CacheDuration = TimeSpan.FromMinutes(10);
                option.RequireHttpsMetadata = false;//如果授权认证服务器访问地址是https开头,设置成true,如果授权认证服务器访问地址是http开头,设置成false【注意注意】
            });

            方式2(待验证)
            services.AddAuthentication("Bearer")
            .AddJwtBearer("Bearer", options =>
            {
                options.Authority = Configuration["IdentityAuthentication:Authority"];
                options.RequireHttpsMetadata = true;
                options.Audience = Configuration["IdentityAuthentication:ApiName"];
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateLifetime = true,//是否验证失效时间
                    ClockSkew = TimeSpan.FromSeconds(30),
                };
                options.Events = new JwtBearerEvents
                {
                    OnAuthenticationFailed = context =>
                    {
                        //Token expired
                        if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
                        {
                            context.Response.Headers.Add("Token-Expired", "true");
                        }
                        context.Response.ContentType = "application/json";
                        context.Response.WriteAsync(JsonConvert.SerializeObject(new { code = "401", msg = "Unauthorized" }));
                        return Task.CompletedTask;
                    }
                };
            });
            方式2(待验证)

            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }

            app.UseHttpsRedirection();

            //使用认证
            app.UseAuthentication();

            app.UseMvc();
        }
    }
}

*、资源服务器:在需要进行授权验证的资源接口(controller控制器或方法)上设置AuthorizeAttribute:

using System.Collections.Generic;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace ImageResourceApi.Controllers
{
    [Authorize]
    [Route("api/[controller]")]
    [ApiController]
    public class ValuesController : ControllerBase
    {
        // GET api/values
        [HttpGet]
        public ActionResult<IEnumerable<string>> Get()
        {
            return new string[] { "value1", "value2" };
        }

        // GET api/values/5
        [HttpGet("{id}")]
        public ActionResult<string> Get(int id)
        {
            return "value";
        }

        // POST api/values
        [HttpPost]
        public void Post([FromBody] string value)
        {
        }

        // PUT api/values/5
        [HttpPut("{id}")]
        public void Put(int id, [FromBody] string value)
        {
        }

        // DELETE api/values/5
        [HttpDelete("{id}")]
        public void Delete(int id)
        {
        }
    }
}

*、客户端 发送web请求 资源服务器,PostMan方式如下:

【注意:】“认证服务器”中\OAuth2\Clients.cs =>AllowedScopes  要和 “资源服务器” Startup.cs => option.ApiName 的值相匹配

*、

*、

*、

KingCruel
关注
  • 0
    点赞
  • 4
    收藏
    觉得还不错? 一键收藏
  • 2
    评论
专栏目录
.net core IDEntityServer4客户端模式(Client Credentials)
07-27
IdentityServer4客户端模式(Client Credentials),项目分为身份授权服务、客户端、被访问资源。客户端通过密钥向授权服务器请求AccessToken,客户端携带AccessToken向有身份验证的资源获取数据。
.net core 3.1 IdentityServer4单点登陆
10-09
.net core 3.1 IdentityServer4实现单点登陆,包含三块项目代码,base为登陆中心,mall和erp是子系统,其中一个登陆后,刷新另外两个系统,状态会变成已登陆状态
.NET Core OAuth IdentityServer4 AllowAnonymous Policy 白名单 .NET 5 IdentityServer4 4.X版本 授权策略
KingCruel的专栏
11-15 843
.NET Core 3.XController中配置[AllowAnonymous] 1、 * * * * * * *
.net core 3.1 AllowAnonymous特性无效
elvismile的博客
01-16 7979
.net core 2.0 自定义权限过滤器和忽略验证的实现方式 继承Microsoft.AspNetCore.Mvc.Filters.IAuthorizationFilter实现自定义的过滤器 在不需要过滤器验证的Action或Controller上增加特性[AllowAnonymous] 在过滤器的OnAuthorization方法内对该特性进行判断,包含该特性的Controller或者Ac...
php从cert中获取公钥_.Net CoreIdentityServer4Token的应用小知识
weixin_39695241的博客
12-10 869
一、前言上面分享了IdentityServer4 两篇系列文章,核心主题主要是密码授权模式及自定义授权模式,但是仅仅是分享了这两种模式的使用,这篇文章进一步来分享IdentityServer4的授权流程及refreshtoken。系列文章目录(没看过的先看这几篇文章再来阅读本文章):Asp.Net Core IdentityServer4 中的基本概念Asp.Net Core 中IdentityS...
[C#].Net Core下全局自定义身份过滤器使用AllowAnonymous属性
weixin_34050389的博客
11-16 1035
假设一种情况:项目中需要做认证和权限控制,而且需要权限才能访问的控制器要远多于可以匿名访问的(类似AO系统那样,登陆了才能用)。 那在每个控制器上加一个[Authorize]是能解决问题,反正正我是觉得麻烦。 而且Core自带的权限认证机制不满足于复杂的身份权限认证,打算像在Framework中一样注册一个全局过滤器,然后用[AllowAnonymous]来放行可以匿名的控制器或者方法...
.NET 6 OAuth2.0 IdentityServer4 4.X PasswordToken(创建Token) RefreshToken(刷新Token) RevokeToken(撤销Token
KingCruel的专栏
11-16 4439
.NET Core OAuth IdentityServer4 AllowAnonymous Policy 白名单 .NET 5 IdentityServer4 4.X版本 1、Program.cs using AuthService; using AuthService.CoreLibrary; using AuthService.Filters; using System.Data; using System.Data.SqlClient; var builder = WebApplication
.net core 3.1 IdentityServer4 客户端凭据模式
05-22
.NET Core 3.1框架下,IdentityServer4是一个强大的身份认证服务器,它遵循开放授权标准,如OAuth2和OpenID Connect。客户端凭据模式(Client Credentials Grant)是OAuth2授权类型之一,常用于服务器之间的身份...
IdentityServer4-Demo:Asp.Net Core 2.2使用IdentityServer4的用户名密码模式保护资源服务器的原型
03-23
1. **安装依赖包**: 首先,你需要在项目中安装 `IdentityServer4` 和 `IdentityServer4.AspNetIdentity` NuGet 包,这两个包提供了核心服务和 Asp.Net Core 用户身份验证支持。 2. **配置 IdentityServer**: 在 `...
【ASP.NET编程知识】基于.net4.0实现IdentityServer4客户端JWT解密.docx
05-21
IdentityServer4 是一个基于 .NET Core 的身份验证服务器框架,它提供了基于 Jwt 的身份验证机制。IdentityServer4 支持多种身份验证协议,包括 OpenID Connect、OAuth 2.0 等。IdentityServer4 提供了一个完整的...
IdentityServer4 获取Token刷新Token
码农的专栏
08-20 4085
【代码】IdentityServer4 获取Token刷新Token
第11章 初识IdentityServer4
zhoujian_911的专栏
12-04 592
4 注意: 4.1 启动 把所有项目的启动方式修改为:“IIS Express” 4.2 设定“JwtBearer”令牌(Token)缓冲过期时间为:0 4.2.1 通过“IdentityServer4.AccessTokenValidation”中间件设定 //通过“IdentityServer4.AccessTokenValidation”中间件,把“JwtBearer”中间件注入.Net7框架内置容器中, builder.Services.AddAuthentication("Bearer")
IdentityServer4 Reference Token 刷新token Postman截图
KingCruel的专栏
12-25 2295
.NET Core OAuth IdentityServer4 Token OAuth 身份认证 IdentityServer4 IdentityServer4 1.0.0 documentation(官网) IdentityServer4 中文文档(v1.0.0) 第一部分 简介、第二部分 快速入门、第三部分 主题、第四部分 参考、第五部分 端点、第六部分 其它 当使用 Ref...
Asp.Net Core中JWT刷新Token解决方案
极客神殿
12-23 3116
Asp.Net Core中JWT刷新Token解决方案
asp.net core 自定义 Policy 替换 AllowAnonymous 的行为
dotNET跨平台
11-22 591
asp.net core 自定义 Policy 替换 AllowAnonymous 的行为Intro最近对我们的服务进行了改造,原本内部服务在内部可以匿名调用,现在增加了...
实现Token刷新机制
最新发布
youngerxsd的博客
08-23 1907
开发的项目中,如果正在项目中编辑信息,编辑信息的时间的过程中token失效可能导致信息丢失怎么办?
token过期 刷新token
Lixw296182的博客
03-01 1241
token过期刷新token
Dotnet core使用JWT认证授权最佳实践(一)
dotNET跨平台
05-30 1645
最近,团队的小伙伴们在做项目时,需要用到JWT认证。遂根据自己的经验,整理成了这篇文章,用来帮助理清JWT认证的原理和代码编写操作。一、JWTJSON Web Token (JWT)是一...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值